Offer summary

Qualifications:

Strong desire to understand how things work and the ability to quickly absorb new information., Familiarity and practical experience with Application Security Testing (AST) tools., Proven experience as a consultant, engineer, or auditor, ideally working on/with web applications., Willingness to work with multiple programming languages, mainly Go, Rust, Python, and JavaScript..

Key responsabilities:

Design and implement security and defense-in-depth controls to prevent and limit vulnerabilities.

Develop security tooling and workflows for early detection of vulnerabilities.

Collaborate with core contributors to conduct internal security audits and reduce supply-chain risk.

Triage and respond to potential security incidents across all parts of the stack.

Job description

Asymmetric Research:

Asymmetric Research ("AR") is a boutique security venture focused on deep partnerships with L1/L2 blockchains and DeFi protocols in an effort to keep them safe. We specialize in four core domains of web3 security: research, engineering, incident response, and infrastructure services. We help teams fortify their smart contracts, infrastructure, and security postures against emerging threats through deep, long-term partnerships.

Culture:

AR is a fully remote organization with deep open source roots. Members of our team have shaped security programs at organizations like Google, Netflix, Mozilla, Stripe, and Jump Crypto. We pride ourselves on maintaining the highest levels of confidentiality, integrity, and professionalism.

Responsibilities:

We’re looking for an Application Security Engineer who thrives in high-stakes environments. In this role, you’ll work hands-on with top DeFi teams and external audit firms. You’ll develop custom tooling, monitoring systems, and security frameworks. As a company, we aim to be where you'll do the best work of your career. Tackle complex security challenges supported by an integrity-driven team that values deep technical expertise and relentless curiosity.

Design and implement security and defense-in-depth controls to prevent and limit vulnerabilities.
Develop security tooling and developer workflows to aid in the early detection of vulnerabilities.
Collaborate with core contributors to conduct internal security audits of off-chain infrastructure.
Harden CI/CD pipelines and constrain the attack surface of off-chain components.
Collaborate with core contributors to reduce supply-chain risk.
Triage and respond to potential security incidents across all parts of the stack.
Work in a diverse decentralized team environment with web3 professionals.
Clearly communicate security risks and solutions.
Adhere to the highest standards of integrity, trust, and professionalism.

Requirements:

Strong desire to understand how things work and the ability to quickly absorb new information.
Familiarity and practical experience with Application Security Testing (AST) tools.
Proven experience as a consultant, engineer, or auditor, ideally working on/with web applications.
Prior experience working with open source development practices.
Willingness and aptitude to work with and write in multiple languages, mainly Go, Rust, Python, and JavaScript.
Experience with reverse engineering and/or fuzzing.
Experience with code reviews.

Benefits: